Login procedures are becoming more complex in order to thwart trespassers. Multi-phase (or multi-factor) authentication is commonly considered the next desirable step in securing login procedures. Multi-phase authentication strengthens login password security by adding a second, third, or fourth layer of security to the process. The additional authentication factor commonly used with a password can be a PIN (personal identification number) code, a hardware token, an ATM card, or any one of various identifiers.
The current state of the art in verifying users across devices, however, trades off security and usability. For example, using four-digit codes sent via an SMS (short messaging service) message as the second factor to the user's mobile phone requires that the user manually type the code into a login form on a webpage (or application) displayed by a laptop, tablet or other computer. So that the usability of this approach does not suffer substantially, the SMS codes are typically short and simple, often just four alphanumeric characters. This simplicity, while beneficial in terms of usability, makes the codes easier to hack.
Referring now to FIG. 1, there is shown a simplified exemplary illustration of authentication on a single device, such as a mobile phone 110, according to the known art. The code 104 sent via an SMS message 102 is previewed in the upper part of the device screen, allowing the user to view the application. The user simply enters the code 104 shown on his/her device 110 into the input box 106. Currently, four-digit plain-text codes are sent via SMS. The implementation is the same across devices, as shown in FIG. 2.
There is a need for an authentication process across devices that resolves the trade-off between security and usability.